Network Devices

With the discovery of admin (root level) backdoors in network devices of Barracuda in January last year, it once again has become apparent that internet-facing network devices are vulnerable to unauthorized remote access (Goodin, Secret backdoors found in firewall, VPN gear from Barracuda Networks, 2013).

Wardriving requires a computer system with the proper tools installed and a Wi-Fi receiver. Locating Wi-Fi access points has evolved from lugging large computers around in cars, to wardriving apps on smartphones such as WiGLE Wi-Fi Service for Android devices (WiGLE, 2013).

This paper explores threats to data center servers, along with key security controls required to effectively protect them, and reviews how the McAfee portfolio of server products aligns with these controls.

Overall there is room to grow in the area of P2P connection research. This limited study only looked at a small area of P2P interactions. There are an ever-growing number of BitTorrent clients and all of them handle the protocol differently. These differences could greatly impact every area of P2P communications, all of which are areas that could be grounds for research. Further research of how P2P clients interact could provide additional ways to increase efficiency and provide enhanced security.

Small networks tend to grow, and oftentimes the growth is unplanned. The result is a network of daisy-chained switches, not the most reliable solution for a multi-switch environment. What is needed is a solution which integrates all switches into a single collision domain or IP space. Most administrators would look at a Cisco solution at this point, but maybe we can use a Linux box instead. The Linux bridging software allows us to create a single LAN segment and, combined with other open source software, provides management and monitoring capabilities.

This paper will present a fictitious router impersonation scenario wherein a router is duped into believing an imposter is a router that is already known and trusted. As a result, his routing tables are overwritten and traffic gets re-routed.

Whitelisting provides a lighter means to protect end points, is useful for securing legacy applications and systems, as well as embedded systems and kiosks, and a helpful addition for any robust end point security plan.

It used to be that a printer was connected directly to a computer via a serial or parallel interface, while fax machines and copiers did not connect to a computer at all. You knew where these devices were in your buildings and securing their physical output was your primary concern. In today's all-in-one world, you can now obtain single devices that are not only printers, but also copiers, scanners, and fax machines. These networked multifunction devices (MFDs) are increasingly common in enterprise environments and are manufactured by vendors such as Canon, HP, Kyocera, Xerox, and many others.

This paper defines the fundamentals of 802.1x authentication, explains how the authentication process works in 802.1x, and provides the detailed steps to implement 802.1x in a switched LAN environment using Cisco's Implementation of 802.1x.

This case study describes the most interesting steps of a project to improve the security of a wide set (about one thousand) of network devices (switches, routers, firewalls) originated from many manufacturers. It is intended to describe a global approach which could be reused to tackle such situations.

During recent years, there has emerged a necessity for all internet users to try to stop inbound threats. Since most internet security is done from a defensive point of view, the question is left, "Can proactive internet security provide viable solutions to some of the most serious problems facing the internet today?"

We note the recent attack on Cisco routers, publicized in July 2003, and analyze this work and expand upon it. This exploit used crafted packets to overflow the input buffer on Cisco devices and caused a Denial of Service, making the device unavailable for legitimate users, leading to loss of network connectivity.

This paper presents how-to options and suggestions for designing and securing an internal network. Scenarios are provided concerning designs that may currently be in place and discussions and analysis on the risks involved and the vulnerabilities presented are included.

This paper will outline vulnerabilities of out-of-band managed systems and devices, provide worksheets for helping to ensure security and give examples of possible architectures for secure remote access.

This paper focuses on the threat of packet sniffing in a switched environment, briefly explores the effect in a non-switched environment, and covers ways to mitigate the threat of network sniffing in both non-switched and switched environments.

This paper discusses the steps of and security features available on a Cisco router for enhancing the security of a network. Topics covered include: the securing of routing updates through neighbor router authentication and route filtering; using IPSec to secure remote administration of Cisco routers; an overview of reflexive access lists and content-based application control; combating Code Red with network-based application recognition; and performing integrity checking on routers.

In this how-to I will investigate how, for a typical company, you can install and extend a freely available RADIUS server. In addition, detailed steps also show how the extended RADIUS server can be configured to authenticate a selection of different network elements.

This paper will discuss the configuration and use of the Nortel Instant Internet 100-S as a VPN client in one organization's network environment.

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

All papers are copyrighted. No re-posting or distribution of papers is permitted.